II.A.3(a)     Supervision of Cybersecurity Risk

Cybersecurity is the process of protecting consumer and bank information by preventing, detecting, and responding to attacks. As part of cybersecurity, institutions should consider management of internal and external threats and vulnerabilities to protect information assets and the supporting infrastructure from technology-based attacks. In light of the increasing volume and sophistication of cybersecurity threats, examiners should focus on cybersecurity preparedness in assessing the effectiveness of an institution's overall information security program.


Previous Section
II.A.3 Supervision of Cybersecurity Risk and Resources
Next Section
II.A.3(b) Resources for Cybersecurity Preparedness